Information Exposure Vulnerability in Essential Addons for Elementor WordPress Plugin
CVE-2026-7665
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 6 June 2026
What is CVE-2026-7665?
The Essential Addons for Elementor plugin for WordPress contains an information exposure vulnerability through its ajax_load_more function. This flaw, present in all versions up to 6.6.4, allows unauthorized users to access sensitive data, including posts marked as password protected, private, or draft. The vulnerability arises from a lack of adequate restrictions governing which posts can be retrieved, potentially permitting bad actors to extract confidential information without proper authentication.
Affected Version(s)
Essential Addons for Elementor β Popular Elementor Templates & Widgets 0 <= 6.6.4
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anirudh Makkar